CVE-2017-12364

CWE-89: SQL Injection | 4 documents | 4 sources
Severity: 6.5 MEDIUM
EPSS: 0.3% (top 44.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 30
Latest update: May 13

Description

A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables. Cisco Bug IDs

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.5

Affected Packages (2 packages)

CVEListV5 | cisco_prime_service_catalog | Cisco Prime Service Catalog
NVD | cisco/prime_service_catalog | 11.1.1, 12.0, 12.1 +2

🔴 Vulnerability Details (2)

GHSA | GHSA-qvmv-j2f9-75pf: A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthori | 2022-05-13
CVEList | CVE-2017-12364: A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthori | 2017-11-30

📋 Vendor Advisories (1)

Cisco | Cisco Prime Service Catalog SQL Injection Vulnerability | 2017-11-29